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(54) Semiconductor device and control device for use therewith 



(57) A semiconductor device includes: a memory 
having a memory space for recording data, the memory 
space including addresses; at least one first storage 
section for storing at least a portion of an address at 
which access to the memory space is requested and/or 
data which is requested to be written to the memory 



space; and an operation restriction circuit for at least 
partially restricting operations to be performed on the 
memory. The operation restriction circuit controls re- 
striction on the operations to be performed on the mem- 
ory based on at least a portion of the data and/or the 
address stored in the at least one first storage section. 
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Description 

BACKGROUND OF THE INVENTION 

1. FIELD OF THE INVENTION: 5 

[0001 ] The present invention relates to a semiconduc- 
tor device having a memory space composed of rewri- 
table semiconductor memory cells, and a control device 
for use therewith. In particular, the present invention re- 10 
lates to a semiconductor device having a security func- 
tion for protecting from unauthorized access any content 
which is stored in the memory space, and a control de- 
vice for use therewith. 

15 

2. DESCRIPTION OF THE RELATED ART: 

[0002] A semiconductor device such as a semicon- 
ductor memory device has a memory space composed 
of rewritable semiconductor memory cells which are 20 
represented by respective addresses. A semiconductor 
memory device may store information (such as copy- 
right-protected subject matter or privacy information of 
individuals) which should not be subjected to unauthor- 
ized reading by a third party, or information which should 25 
not be subjected to unauthorized overwriting (as in the 
case of IC card applications). There have been pro- 
posed some semiconductor devices having a memory 
space, and control devices for use therewith, which 
have a security function for protecting the stored con- 30 
tents (data) from such unauthorized access. 
[0003] Hereinafter, a conventional semiconductor de- 
vice having a security function will be described with ref- 
erence to Figures 5 to 7. 

[0004] Figure 5 is a schematic block diagram illustrat- 35 
ing a minimum structure for realizing a security function. 
A semiconductor device 600 shown in Figure 5 includes 
a memory accessing means 604, a memory 613 having 
a memory space (semiconductor memory cells) for stor- 
ing data, and a security means 609 inserted therebe- *o 
tween. With the security means 609, it is possible to re- 
strict some or ail of the operations which are externally 
requested. 

[0005] The memory accessing means 604 externally 
receives an address signal 601, a control signal 602, 45 
and a data signal 603, and outputs an address signal 
605 which designates one or several of the storage units 
(semiconductor memory cells) in the memory space of 
the memory 61 3 to which access is to be made; a control 
signal 607 which designates the type and/or content of so 
access to be performed to the memory 613; and a data 
signal 608 which is used for inputting or outputting of 
data in accordance with the designated content in the 
memory 613. 

[0006] The security means 609 is capable of restrict- 55 
ing some or all of the operations which are represented 
by a signal which is output from the memory accessing 
means 604 to the memory 613. For example, the secu- 
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rity means 609 is capable of restricting the reading of 
any content which is stored in the memory 61 3, restrict- 
ing the overwriting of any content which is stored in the 
memory 613, or both. 

[0007] A given operation which is instructed by the 
memory accessing means 604 to be performed on the 
memory 613 is represented by the address signal 605, 
the control signal 607, and the data signal 608 which 
are output to the security means 609. In the case where 
the content of the operation which Is instructed by the 
memory accessing means 604 to be performed on the 
memory 613 is permitted, the security means 609 out- 
puts an address signal 610, a control signal 611, and a 
data signal 612 to the memory 613 to perform an oper- 
ation as instructed by the memory accessing means 
604. On the other hand, in the case where the content 
of the operation which is instructed by the memory ac- 
cessing means 604 to be performed on the memory 61 3 
is not permitted, the security means 609 applies a con- 
version process to at least one of the address signal 
610, the control signal 611, and the data signal 612. If 
the externally instructed operation involves outputting of 
the data which is stored in the memory 61 3, the security 
means 609 applies a conversion process to the data sig- 
nal 608 which is output from the security means 609 to 
the memory accessing means 604. Thus, the operations 
to the memory 613 are restricted so that any operations 
which are not permitted will not occur, thereby realizing 
a security function for the memory 613. 
[0008] All of the component elements of the semicon- 
ductor device 600 shown in Figure 5 may be provided 
on one device. Alternatively, the component elements 
may be distributed over a number of devices so that a 
security function will be realized when the devices are 
used in combination. For example, in the case where 
the security function is to be realized on a single device, 
an interface circuit for interfacing with the exterior of the 
device may be utilized as the memory accessing means 
604, while a circuit for restricting some or all of the op- 
erations which require access to the memory space may 
be inserted (as the security means 609) between the 
memory 613 as a circuit having a memory space and 
the memory accessing means 604. 
[0009] Alternatively, in the case where the security 
function is to be realized on a number of devices collec- 
tively, e.g., when the memory accessing means 604, the 
security means 609, and the memory 61 3 are all provid- 
ed on discrete devices, a circuit for restricting some or 
all of the operations which require access to the memory 
space may be inserted (as the security means 609) be- 
tween a memory controller functioning as the memory 
accessing means 604 and the memory 613 having a 
memory space. 

[0010] Hereinafter, a semiconductor device which is 
capable of outputting dummy data when a read access 
to the memory is made will be specifically described, by 
an illustration of a structure in which read operations to 
a memory are restricted until deactivation of a security 
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function. 

[001 1] Figure 6 is a schematic block diagram illustrat- 
ing a conventional semiconductor device 450 which re- 
alizes the above-described security function. The sem- 
iconductor device 450 includes an interface circuit 404, 5 
a security circuit 409, and a memory 41 3 having a mem- 
ory space composed of semiconductor memory cells. 
The security circuit 409 includes a password storage cir- 
cuit 414 for storing a password, a comparison circuit 
41 6, and an operation restriction circuit 41 8 for restrict- 10 
ing operations to be performed on the memory 413. 
[0012] In accordance with the semiconductor device 
450, restriction on read operations is established (i.e., 
a security function is set) at the time when the semicon- 
ductor device 450 is turned ON. The security function is 
can only be deactivated if a password (security control 
signal) 407 which is externally input via the interface cir- 
cuit 404 matches a fixed password which is stored in the 
password storage circuit 414 in the security circuit 409; 
after which read operations can be performed normally. 20 
[001 3] In the case of making an external access to the 
stored content (data) which is stored in a given address 
in the memory 41 3 of the semiconductor device 450, an 
address signal 401, a control signal 402, and a data sig- 
nal 403 are input to the interface circuit 404. The inter- 25 
face circuit 404 outputs an internal address signal 405 
and an internal control signal 406, and if necessary an 
internal data signal 408, to the memory 41 3. In the case 
where the security function of the memory 413 is deac- 
tivated, the operation restriction circuit 418 outputs an 30 
address signal 410, a control signal 41 1, and a data sig- 
nal 412 to the memory 413 in accordance with the ad- 
dress signal 401, the control signal 402, and the data 
signal 403, which are externally supplied (or more di- 
rectly, in accordance with the interna! address signal 35 
405, the internal control signal 406, and the interna! data 
signal 406). As a result, a normal operation is per- 
formed. 

[0014] The semiconductor device 450 is constructed 
in such a manner that the security function of the mem- *o 
ory 413 is set in an initial state which follows after the 
semiconductor device 450 is turned ON. As a result of 
the restriction on some or all of the operations to the 
memory 413 enforced by the security circuit 409, the 
semiconductor device 450 either refrains from operating 45 
at all or performs an operation which is different from an 
instructed operation. In applications which are arranged 
so as to output dummy data (instead of normal data) 
when a read access to the memory 413 is made, once 
the security function is set, only the dummy data will be 50 
output in response to any read access made to the 
memory 413, thereby preventing any unauthorized 
reading. 

[001 5] The following methods have been proposed as 
methods for realizing the aforementioned function of 55 
preventing unauthorized read. For example, a method 
described in Japanese Laid-Open Publication No. 
59-152599 ensures that, while the security function is 



activated, the address signal 410 is not output from the 
security circuit 409 to the memory 413 unless certain 
conditions are satisfied. According to a method de- 
scribed in Japanese Laid-Open Publication No. 
6-250939, the security circuit 409 encrypts the data sig- 
nal 412 received by the memory 413 and outputs the 
encrypted version of the data signal 412 to the interface 
circuit 404 as the data signal 408. According to yet an- 
other method, it is ensured that, while the security func- 
tion is activated, the security circuit 409 does not output 
the control signal 41 1 to the memory 41 3 for instructing 
a read operation to be commenced unless certain con- 
ditions are satisfied. 

[0016] In order to deactivate the read restriction for 
the memory 413, a password (security control signal) 
407 for deactivating the operation restriction is external- 
ly input. The externally input password 407 is compared 
by the comparison circuit 41 6 against a password signal 
415 representing a pass word which is stored in the 
password storage circuit 414. If both passwords match, 
the comparison circuit 416 issues an operation restric- 
tion deactivating signal (password match signal) 41 7 to 
the operation restriction circuit 418. Upon receiving the 
operation restriction deactivating signal 417, the opera- 
tion restriction circuit 418 permits any subsequent read 
operations to be performed to the memory. Thereafter, 
read operations will be normally performed upon re- 
quest of a read. 

[001 7] Based on the above structure, the stored con- 
tent in the memory cannot be properly read by a person 
who does not know the password and a method for in- 
putting the password. Thus, unauthorized reading by a 
third party can be prevented if the password and the 
method for inputting the password are not made public. 
[001 8] Figure 7 is a schematic block diagram illustrat- 
ing a system 500 which realizes a security function for 
a semiconductor device by employing a different struc- 
ture from that illustrated in Figure 6. The system 500 
includes control device 501 (e.g., CPU) which requests 
access to the memory, a semiconductor device 550 hav- 
ing a security function, and a security control device 506. 
In the system 500, the control device 501 outputs an 
address signal 502, a control signal 503, and a data sig- 
nal 505 to the semiconductor device 550 to perform an 
operation on the semiconductor device 550. However, 
the control device 501 cannot take full control of the 
semiconductor device 550 unless the security function 
of the semiconductor device 550 is deactivated. 
[001 9] The security control device 506 is "challenged" 
to deactivate the security function of the semiconductor 
device 550 as follows. The security function of the sem- 
iconductor device 550 is deactivated only when the 
semiconductor device 550 recognizes from the content 
of a security communication signal 504 that the security 
control device 506 is a device which is predetermined 
to be granted access thereto. If the transmitter/recipient 
of the security communication signal 504 is not recog- 
nized as the predetermined device, the security function 
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is not deactivated, and some or all of the operations to 
be performed on the semiconductor device 550 remain 
restricted. 

[0020] During an initial state after the system 500 is 
turned ON, the security function of the system 500 is 5 
activated, so that the contents stored in the semicon- 
ductor device 550 cannot be properly read by an exter- 
nal device. The semiconductor device 550 "challenges" 
the security control device 506! i.e., transmits to the se- 
curity control device 506 a signal (security communica- 
tion signal) 504 for recognizing what device is being cou- 
pled to the semiconductor device 550, and the security 
control device 506 returns a signal which the security 
control device 506 generates based on the signal 504. 
The semiconductor device 550 determines whether or 
not the returned signal 504 matches an expected value. 
If the returned signal 504 matches the expected value, 
it is determined that the proper (or authorized) security 
control device 506 is coupled to the semiconductor de- 
vice 550 as an external device, and accordingly deacti- 
vates the security function of the semiconductor device 
550. The transmission/reception of the signal 504 may 
be repeated multiple times to gain enhanced security. 
[0021] Unlike the security function of the semiconduc- 
tor device 450 shown in Figure 6, the system 500 pro- 
vides a security function which may be enforced in such 
a manner that the "right" communication to occur be- 
tween the semiconductor device 550 and the security 
control device 506 is directed to a different content each 
time such a communication is made. Therefore, the se- 
curity function provided by the system 500 is difficult to 
break via simple signal analysis. 
[0022] Thus, the semiconductor device 550 can pro- 
vide a very secure security function because it permits 
a proper read operation to occur only when the security 
control device 506 coupled thereto is recognized as a 
predetermined device. 

[0023] Instead of the above-described example 
where unauthorized reading is prevented, a security 
function can also be realized to restrict other types of 
operations as well. For example, in order to prevent un- 
authorized overwriting of the content stored in a mem- 
ory, the same conditions as those described above for 
establishing or deactivating restriction on read opera- 
tions can be applied for establishing or deactivating re- 
striction on overwrite operations. 
[0024] However, the above-described conventional 
method for realizing a security function has the following 
problems. 

[0025] In the semiconductor device 450 shown in Fig- 
ure 6, since a fixed protocol is always used for deacti- 
vating the security function, a third party may relatively 
easily discover a security deactivating method by ana- 
lyzing the input signals, e.g., the password (security 
control signal) 407. 

[0026] On the other hand, the system 500 shown in 
Figure 7, the content of the output (i.e., the security com- 
munication signal 504) from the security device 506 



which is expected by the semiconductor device 550 can 
be varied, whereby a more secure security function can 
be realized. However, this structure has cost and/or 
size-related disadvantages associated with the security 
control device 506, which needs to be provided exter- 
nally to the semiconductor device 550. 

SUMMARY OF THE INVENTION 

[0027] In one aspect of the present invention, there is 
provided a semiconductor device including: a memory 
having a memory space for recording data, the memory 
space including addresses; at least one first storage 
section for storing at least a portion of an address at 
which access to the memory space is requested and/or 
data which is requested to be written to the memory 
space; and an operation restriction circuit for at least 
partially restricting operations to be performed on the 
memory, wherein the operation restriction circuit con- 
trols restriction on the operations to be performed on the 
memory based on at least a portion of the data and/or 
the address stored in the at least one first storage sec- 
tion. 

[0028] In accordance with the above structure, it is 
possible to control restriction on operations to be per- 
formed on the memory by utilizing at least a portion of 
data requested to be written to the memory space and/ 
or an address at which the data is requested to be writ- 
ten. Some or all of the operations requiring any access 
to the memory space can be restricted until the opera- 
tion restriction circuit deactivates restriction on opera- 
tions to be performed on the memory, for example. 
Thus, it is difficult for a third party to decipher the method 
for deactivating the security function. Since it is not nec- 
essary to provide any special devices external to the 
semiconductor device for realizing the security function, 
there is no substantial penalty associated with the prod- 
uct size and/or cost. 

[0029] In one embodiment of the invention, the ac- 
cess is a write operation. 

[0030] In another embodiment of the invention, the at 
least one first storage section comprises a plurality of 
storage subsections. 

[0031] In accordance with the above structure, (a por- 
tion of) a plurality of data requested to be written to the 
memory space and/or a plurality of addresses at which 
the data is requested to be written can be stored. Thus, 
it becomes even more difficult for a third party to deci- 
pher the method for deactivating the security function, 
whereby a semiconductor device can be realized which 
cannot be easily subjected to unauthorized utilization. 
[0032] In another embodiment of the invention, if at 
least one of the at least one first storage section does 
not contain the address or data stored therein, the op- 
eration restriction circuit maintains restriction on the op- 
erations to be performed on the memory. 
[0033] In accordance with the above structure, secu- 
rity can be provided in a state (e.g., an initial state) 
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where not ail of the storage subsections contain (a por- 
tion of) data and/or an address. 
[0034] In still another embodiment of the invention, 
the at least one first storage section includes an address 
storage section for storing the address, and a data stor- 5 
age section for storing the data; the semiconductor de- 
vice includes a comparison circuit for performing a com- 
parison of data in the memory space as designated by 
the address stored in the address storage section 
against the data stored in the data storage section; and 
the operation restriction circuit maintains restriction on 
the operations to be performed on the memory if a result 
of the comparison by the comparison circuit does not 
match. 

[0035] In accordance with the above structure, a high- 
er level of security can be realized because it is possible 
to confirm at the time of a read operation that the stored 
data has not been altered. 

[0036] In still another embodiment of the invention, 
the semiconductor device further comprises: a second 
storage section for storing a reference address; and a 
comparison circuit for performing a comparison of the 
address stored in the first storage section against the 
reference address stored in the second storage section, 
wherein the operation restriction circuit deactivates re- 
striction on the operations to be performed on the mem- 
ory if a result of the comparison by the comparison cir- 
cuit matches. 

[0037] In accordance with the above structure, a high- 
er level of security can be realized by comparing the ad- 
dresses stored in the first storage section against the 
reference addresses stored in the second storage sec- 
tion. 

[0038] In still another embodiment of the invention, 
the memory includes a storage unit for containing data 
which is to be concurrently rewritten: and the first stor- 
age section is included in the storage unit. 
[0039] In accordance with the above structure, it be- 
comes possible to vary security conditions by concur- 
rently rewriting the contents stored in at least a portion 
of the memory space of the memory and the first storage 
section, whereby a higher level of security can be pro- 
vided. Note that the second storage section should not 
be formed within the memory rewriting unit because if 
the second storage section were formed within the 
memory rewriting unit, the content stored in the second 
storage section would be lost when the rewriting unit is 
overwritten, thereby allowing a user an opportunity to 
freely set the content after the overwriting. 
[0040] In another aspect of the present invention, 
there is provided a control device for controlling a mem- 
ory having a memory space for recording data, the 
memory space including addresses, the control device 
comprising: at least one first storage section for storing 
at least a portion of an address at which access to the 
memory space is requested and/or data which is re- 
quested to be written to the memory space; and an op- 
eration restriction circuit for at least partially restricting 



operations to be performed on the memory, wherein the 
operation restriction circuit controls restriction on the op- 
erations to be performed on the memory based on at 
least a portion of the data and/or the address stored in 
the at least one first storage section. 
[0041] In accordance with the above structure, it is 
possible to control restriction on operations to be per- 
formed on the memory by utilizing at least a portion of 
data requested to be written to the memory space and/ 
or an address at which the data is requested to be writ- 
ten. Some or all of the operations requiring any access 
to the memory space can be restricted until the opera- 
tion restriction circuit deactivates restriction on opera- 
tions to be performed on the memory, for example. 
Thus, it is difficult for a third party to decipher the method 
for deactivating the security function. By embedding the 
security function in any device (e.g., a memory control- 
ler) on a given system other than the memory, the pen- 
alty associated with the product size and/or cost can be 
reduced. 

[0042] In one embodiment of the invention, the ac- 
cess is a write operation. 

[0043] In another embodiment of the invention, the at 
least one first storage section comprises a plurality of 
storage subsections. 

[0044] In accordance with the above structure, it be- 
comes even more difficult for a third party to decipher 
the method for deactivating the security function, where- 
by a control device can be realized which cannot be eas- 
ily subjected to unauthorized utilization. 
[0045] In another embodiment of the invention, if at 
least one of the at least one first storage section does 
not contain the address or data stored therein, the op- 
eration restriction circuit maintains restriction on the op- 
erations to be performed on the memory. 
[0046] In accordance with the above structure, secu- 
rity can be provided in a state (e.g., an initial state) 
where not all of the storage subsections contain (a por- 
tion of) data and/or an address. 
[0047] In still another embodiment of the invention, 
the at least one first storage section includes an address 
storage section for storing the address, and a data stor- 
age section for storing the data; the semiconductor de- 
vice includes a comparison circuit for performing a com- 
parison of data in the memory space as designated by 
the address stored in the address storage section 
against the data stored in the data storage section; and 
the operation restriction circuit maintains restriction on 
the operations to be performed on the memory if a result 
of the comparison by the comparison circuit does not 
match. 

[0048] In accordance with the above structure, a high- 
er level of security can be realized because it is possible 
to confirm at the time of a read operation that the stored 
data has not been altered. 

[0049] In still another embodiment of the invention, 
the control device further comprises: a second storage 
section for storing a reference address; and a compar- 
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ison circuit for performing a comparison of the address 
stored in the first storage section against the reference 
address stored in the second storage section, wherein 
the operation restriction circuit deactivates restriction on 
the operations to be performed on the memory if a result 
of the comparison by the comparison circuit matches. 
[0050] In accordance with the above structure, a high- 
er level of security can be realized by comparing the ad- 
dresses stored in the first storage section against the 
reference addresses stored in the second storage sec- 
tion. 

[0051] In still another embodiment of the invention, 
the memory includes a storage unit for containing data 
which is to be concurrently rewritten; and the first stor- 
age section is included in the storage unit. 
[0052] In accordance with the above structure, it be- 
comes possible to vary security conditions by concur- 
rently rewriting the contents stored in at least a portion 
of the memory space of the memory and the first storage 
section, whereby a higher level of security can be pro- 
vided. Note that the second storage section should not 
be formed within the memory rewriting unit because if 
the second storage section were formed within the 
memory rewriting unit, the content stored in the second 
storage section would be lost when the rewriting unit is 
overwritten, thereby allowing a user an opportunity to 
freely set the content after the overwriting. 
[0053] Thus, the invention described herein makes 
possible the advantages of: (1 ) providing a semiconduc- 
tor device having a security function for preventing un- 
authorized read or overwrite which can be deactivated 
by a method which is difficult for any unauthorized third 
party to analyze and decipher, such that the security 
function can be realized without the need to require a 
special external device; and (2) providing a control de- 
vice for such a semiconductor device. 
[0054] These and other advantages of the present in- 
vention will become apparent to those skilled in the art 
upon reading and understanding the following detailed 
description with reference to the accompanying figures. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0055] Figure 1 is a schematic block diagram illustrat- 
ing a semiconductor device incorporating a control de- 
vice for a memory according to Example 1 of the present 
invention. 

[0056] Figure 2 is a schematic block diagram illustrat- 
ing a semiconductor device incorporating a control de- 
vice for a memory according to Example 2 of the present 
invention. 

[0057] Figure 3 is a schematic block diagram illustrat- 
ing a semiconductor device incorporating a control de- 
vice for a memory according to Example 3 of the present 
invention. 

[0058] Figure 4 is a schematic block diagram illustrat- 
ing a semiconductor device incorporating a control de- 
vice for a memory according to Example 4 of the present 



invention. 

[0059] Figure 5 is a schematic block diagram illustrat- 
ing a security function in a semiconductor device. 
[0060] Figure 6 is a schematic block diagram illustrat- 
5 ing a conventional semiconductor device. 

[0061] Figure 7 is a schematic block diagram illustrat- 
ing a conventional semiconductor memory device. 

DESCRIPTION OF THE PREFERRED 
10 EMBODIMENTS 

[0062] Hereinafter, the present invention will be de- 
scribed by way of illustrative examples, with reference 
to the accompanying figures. 

15 

(Example 1) 

[0063] Figure 1 is a schematic block diagram illustrat- 
ing a semiconductor device 50 having a memory space 

20 composed of rewritable semiconductor memory cells 
according to Example 1 of the present invention. The 
semiconductor device 50 includes an interface circuit 4, 
a security circuit 9, and a memory 1 3 (defining a memory 
space) composed essentially of rewritable semiconduc- 

25 tor memory cells. In general, a "memory space" includes 
a plurality of addresses, where data can be recorded 
corresponding to each address. 
[0064] The security circuit 9 includes: an address stor- 
age control circuit 14; an address storage circuit section 

30 16 capable of storing N addresses; a security control 
circuit 18; and an operation restriction circuit 20 for re- 
stricting the operations to be performed on the memory 
13. The security circuit 9 functions as a control circuit 
for the memory 13. It is assumed that the address stor- 

35 age circuit section 16 includes N address storage cir- 
cuits 1 to N (where N is a natural number), such that 
each of the address storage circuits 1 to N stores one 
address. Each of the address storage circuits 1 to N 
functions as a storage subsection. 

40 [0065] The memory 1 3 may include volatile semicon- 
ductor memory cells (as in static RAMs) or non-volatile 
semiconductor memory ceils (as in EEPROMs). 
[0066] All of the component elements of the semicon- 
ductor device 50 may be provided on one device to re- 

45 alize a security function for the memory 13. However, it 
is not necessary to provide all of the aforementioned 
component elements on a single device. For example, 
the security function may be realized on a number of 
devices collectively, e.g., by employing a separate se- 

50 curity device, which includes the interface circuit 4 and 
the security circuit 9, to control the memory 13. 
[0067] Hereinafter, a security protocol of the semicon- 
ductor device 50 according to the present invention, i. 
e., a method for restricting operations which require ac- 

55 cess to the memory space composed of rewritable sem- 
iconductor memory cells, will be described. The follow- 
ing description will be directed to an instance of "unau- 
thorized read prevention function" where, when a por- 
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tion of data is to be read from a partial region of the mem- 
ory 13, dummy data is output in the place of the actual 
data, thereby restricting the read operations to be per- 
formed to the data stored in the memory. 
[0068] The semiconductor device 50 receives an ad- 5 
dress signal 1, a control signal 2, and a data signal 3, 
which are externally input for the purpose of reading da- 
ta stored at a given address of the memory 13. 
[0069] Upon analyzing the address signal 1, the con- 
trol signal 2, and the data signal 3, the interface circuit 

4 recognizes that a read operation has been externally 
issued for the semiconductor device 50. Accordingly, 
the interface circuit 4 outputs an internal address signal 

5 and an internal control signal 6 to instruct that data 
stored at an address in the memory space which is des- 
ignated by the internal address signal 5 be transmitted 
via an internal data signal 8. The interface circuit 4 in- 
cludes a circuit for analyzing extemally-input signals, 
and a state machine for controlling the operation of con- 
trolling the stored content in the semiconductor device 
50, a circuit for controlling an output signal in accord- 
ance with external requests, and the like. The exact 
structure of the interface circuit 4 may vary depending 
on the specification of the semiconductor device 50. 
[0070] The security circuit 9 outputs the address sig- 
nal 10 and the control signal 11 to the memory 13, and 
reads the content which is stored in the memory 13 via 
the data signal 12. In the initial state, the security control 
circuit 18 is reset, and an internal control signal 19 is 
issued to indicate to the operation restriction circuit 20 
that the security function has not been deactivated. The 
operation restriction circuit 20 examines the received in- 
ternal address signal 5, and upon determining that the 
address represented by the internal address signal is a 
predetermined address, exchanges the data which is 
read from the memory 13 (i.e., the data signal 12) with 
dummy data, and outputs an internal data signal 8 rep- 
resenting the dummy data to the interface circuit 4. 
[0071 ] The interface circuit 4 receives the dummy da- 
ta via the internal data signal 8, and outputs the dummy 
data to an external device via the data signal 3. Thus, it 
is made impossible to perform a proper read operation 
from that particular address. As a result, the unauthor- 
ized reading or utilization of the content stored in the 
semiconductor device 50 can be prevented. 
[0072] Instead of exchanging the data represented by 
the data signal 12 with dummy data, the operation re- 
striction circuit 20 can utilize various methods as a 
means for restricting the reading from the memory 13, 
without limitation. For example, an address represented 
by the address signal 5 may be exchanged with a dum- 
my address which is output to the memory 13 as the 
address signal 10. Alternatively, the control signal 11, 
which is used to instruct reading from the memory 13, 
may be prevented from being output. 
[0073] As the operation restriction circuit 20, any cir- 
cuit structure that restricts an operation (which is not lim- 
ited to a read operation) which requires access to the 



memory space may be employed. For example, when 
an overwriting of the data stored in the memory 13 is 
externally instructed, the address represented by the 
address signal 5 may be exchanged with a dummy ad- 
dress to be output as the address signal 10. Alternative- 
ly, the data represented by the data signal 8 may be ex- 
changed with dummy data to be output to the memory 
13 as the data signal 12. Thus, any externally-instructed 
operation which requires access to the memory space 
of the memory 1 3 can be prevented from occurring prop- 
erly. As a result, the unauthorized use of the semicon- 
ductor device can be prevented. 
[0074] Next, the security deactivation protocol of the 
semiconductor device 50 will be described. 
[0075] An address signal 1, a control signal 2, and a 
data signal 3 are externally input to the semiconductor 
device 50. When an overwriting of the data at a given 
address of the memory 13 is requested (assuming that 
not all of the address storage circuits 1 to N in the ad- 
dress storage circuit section 16 contain addresses 
stored therein), the address storage control circuit 14 
issues an address storage control signal 15, whereby 
an address for which an overwriting has been requested 
is stored in the address storage circuit section 16. In the 
address storage circuit section 16, addresses are se- 
quentially stored in the address storage circuits 1 to N, 
beginning from the address storage circuit 1. The ad- 
dress storage control circuit 14 determines whether or 
not addresses are stored in all of the address storage 
circuits 1 to N based on an address signal 17 which is 
output from the address storage circuit section 16. If ad- 
dresses are stored in all of the address storage circuits 
1 to N, the address storage control circuit 14 does not 
issue the address storage control signal 15 so that no 
more addresses will be stored. 
[0076] If at least one of the address storage circuits 1 
to N in the address storage circuit section 16 does not 
contain an address stored therein, the security function 
cannot be deactivated, if all of the address storage cir- 
cuits 1 to N contain addresses stored therein, security 
deactivation is performed by using the stored address- 
es. As the information stored in the address storage cir- 
cuits, only some of the bits representing each address 
may be stored, rather than all of the bits representing 
each address, because the order of overwriting is sig- 
nificant, as opposed to the address value itself. 
[0077] Alternatively, the address storage control cir- 
cuit 14 may be a circuit which, based on the address 
signal 17, detects one or more of the address storage 
circuits 1 to N which do not contain any addresses 
stored therein, and outputs the address storage control 
signal 15 to instruct, when the internal control signal 6 
is issued to request an address to be stored, that the 
address signal 5 be stored in the circuit(s) (1 to N) in 
which address(es) are not stored. 
[0078] Each of the address storage circuits 1 to N in 
the address storage circuit section 16 may be a circuit 
which includes as many register circuits as the number 
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of bits representing an address to be stored, and a reg- 
ister circuit for storing a bit indicating that an address is 
stored in the circuit. In this case, one of the address stor- 
age circuits 1 to N which has been instructed to store 
an address represented by the address signal 5 based 
on the address storage control signal 15 stores the ad- 
dress represented by the address signal 5 in the register 
circuits within the address storage circuit, and further 
sets a bit indicating that an address is stored in the ad- 
dress storage circuit. 

[0079] As a method for deactivating the security func- 
tion, for example, a method may be employed in which 
the security control circuit 18 uses an address stored in 
the address storage circuit section 16 as a password, 
requiring a security control signal 7 to be input. The se- 
curity control signal 7 is generated in the interface circuit 
4 based on an externally input signal. 
[0080] Alternatively, as described in Japanese Appli- 
cation No. 2000-121844, a method may be employed in 
which the addresses of a memory are read in a certain 
sequence, and in which the security function is deacti- 
vated only when the values and order of the addresses 
match those stored in the address storage circuit section 
16. Furthermore, as described in Japanese Laid-Open 
Publication No. 3-204053 or Japanese Laid-Open Pub- 
lication No. 1-1.73244, a technique of utilizing for secu- 
rity control the information as to whether the order of 
addresses in a read operation is proper or not may be 
employed. Note that the present invention employs a dif- 
ferent method from the method for storing addresses in 
the address storing regions according to Japanese Ap- 
plication No. 2000-121844, supra. According to Japa- 
nese Application No. 2000-121844, supra, it is neces- 
sary to externally designate storage of fixed data in the 
address storing regions, so that it is necessary to make 
public the means for storing security information. In con- 
trast, according to the present invention, such a storage 
operation can itself be concealed within the usual oper- 
ations of the semiconductor device. As a result, a secu- 
rity function can be realized without risking any public 
disclosure. 

[0081] The aforementioned security deactivation is 
realized by the security control circuit 18. The security 
control circuit 18 outputs a security control signal 19 to 
instruct the deactivation of the security function to the 
operation restriction circuit 20. Once receiving the se- 
curity control signal 19 which instructs the deactivation 
of the security function, the operation restriction circuit 
20 no longer applies restriction on any read operations 
which are requested to be performed on the memory 13. 
As a result, read operations can take place property. 
[0082] As the security control circuit 1 8, a circuit which 
examines an order in which a number of addresses were 
accessed, e.g., as described in Japanese Application 
No. 2000-121844, supra, may be employed. 
[0083] Although the present example illustrates a 
case in which unauthorized reading is prevented, the 
present invention is not limited thereto. It will be appre- 



ciated that the present invention is also applicable to re- 
striction of any other types of access to the memory 
space, e.g., overwriting. For example, in the case where 
the present invention is used for restricting overwrite op- 
5 erations, a method can be employed in which the oper- 
ation restriction circuit 20 outputs as an address signal 
10 to the memory 13 a dummy address which is not 
identical to an address which has been requested to be 
overwritten (as represented by the address signal 5). Al- 
io tentatively, a method may be employed in which a con- 
trol signal 11 for instructing overwrite is prevented from 
being output to the memory 13 unless the security func- 
tion is deactivated. Alternatively, a method may be em- 
ployed in which data (i.e., dummy data ) which is not 
15 identical to the data which has been requested to be 
overwritten (as represented by the internal data signal 
8) is output as a data signal 12 to the memory 1 3. Thus, 
it is possible to restrict overwrite operation in a manner 
similar to restricting read operations as discussed 
20 above. 

(Example 2) 

[0084] Figure 2 is a schematic block diagram illustrat- 
es ing a semiconductor device 150 according to Example 
2 of the present invention. The semiconductor device 
150 includes an interface circuit 104, a security circuit 
109, and a memory 113 (defining a memory space) 
composed essentially of rewritable semiconductor 
30 memory cells. 

[0085] The security circuit 1 09 includes: address/data 
storage control circuit 114; an address storage circuit 
section 116 capable of storing N addresses (where N is 
a natural number); a data storage circuit section 121 ca- 
35 pable of storing M units of data (where M is a natural 
number): an address comparison circuit 118; a data 
comparison circuit 123; a security control circuit 125: 
and an operation restriction circuit 127 for restricting the 
operations to be performed on the memory 113. The se- 
40 curity circuit 109 functions as a control circuit for the 
memory 113. 

[0086] In the present example, it is assumed that the 
address storage circuit section 116 includes N address 
storage circuits 1 to N, such that each of the address 

45 storage circuits 1 to N stores one address. It is also as- 
sumed that the data storage circuit section 121 includes 
M data storage circuits 1 to M, such that each of data 
storage circuits 1 to M stores one unit data. Each of the 
address storage circuits 1 to N and each of data storage 

50 circuits 1 to M functions as a storage subsection. 

[0087] All of the component elements of the semicon- 
ductor device 150 may be provided on one device to 
realize a security function for the memory 113. However, 
it is not imperative that the semiconductor device 1 50 is 

55 realized as a single device. For example, the security 
function may be realized on a number of devices collec- 
tively, e.g., by employing a separate security device, 
which includes the interface circuit 104 and the security 
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circuit 109, to control the memory 113. 
[0088] Although the following description is directed 
to a case where the number N of addresses which can 
be stored in the address storage circuit section 116 and 
the number M of data which can be stored In the data 
storage circuit section 121 are equal (N=M), it is not nec- 
essary that M and N be equal. In the present example, 
the memory 113, the interface circuit 104, and the op- 
eration restriction circuit 127 may be implemented by 
using similar means to the memory 13, the interface cir- 
cuit 4, and the operation restriction circuit 20 according 
to Example 1 . 

[0089] Hereinafter, a security protocol of the semicon- 
ductor device 150 according to the present invention will 
be described. The following description will be directed 
to an instance of "unauthorized read prevention func- 
tion" where an output resulting from a read operation to 
a partial region of the memory 113 is exchanged with 
dummy data, thereby restricting the read operations to 
be performed to the data stored in the memory. 
[0090] The semiconductor device 1 50 receives an ad- 
dress signal 101, a control signal 102, and if necessary 
a data signal 103, which are externally input for the pur- 
pose of reading data stored in the memory 113. During 
an initial state which follows after the semiconductor de- 
vice 150 is turned ON, the reading of at least a partial 
address region of the memory 113 is restricted. Unless 
the security function is deactivated, the operation re- 
striction circuit 127 prevents a read operation from prop- 
erly occurring, as may be realized by: outputting a signal 
which is obtained by subjecting a data signal 112 having 
been read from the memory 113 to a predetermined 
mathematical operation as an internal data signal 108 
to the interface circuit 104; withholding a control signal 
111 from being issued to the memory 113; or outputting 
an address which is obtained by converting an address 
represented by an internal address signal 1 05 as an ad- 
dress signal 110. 

[0091] Next, the security deactivation protocol of the 
semiconductor device 150 will be described. 
[0092] In the case where a request for overwriting the 
data stored in a given address is externally made to the 
semiconductor device 150 by using the address signal 
1 01 , the control signal 1 02, and the data signal 1 03, then 
the address/data storage control circuit 114 stores the 
address for which overwrite has been requested in any 
address storage circuit within the address storage circuit 
section 116 where addresses are not stored yet. In do- 
ing so, it is ensured that addresses are sequentially 
stored in the address storage circuits 1 to N, beginning 
from the address storage circuit 1 . At the same time, any 
data which is sought to be written in the memory 113 is 
sequentially stored in the data storage circuits 1 to M 
(assuming N-M), beginning from the data storage circuit 
1 . The address/data storage control circuit 1 14 no long- 
er stores such addresses or data if ail of the address 
storage circuits 1 to N or if all of the data storage circuits 
1 to M (assuming N=M) already contain addresses and 



16 

data stored therein. 

[0093] According to the present example, storage of 
addresses is controlled based on an internal control sig- 
nal (address storage control signal) 106 which is output 

5 from the interface circuit 1 04, and storage of data is con- 
trolled based on an internal control signal (data storage 
control signal) 107 which is output from the interface cir- 
cuit 104. If all of the address storage circuits 1 to N al- 
ready contain addresses stored therein, or if all of the 

10 data storage circuits 1 to M contain data stored therein, 
the address/data storage control circuit 114 prevents 
further storage of addresses or data by not generating 
the address storage control signal 1 1 5 or the data stor- 
age control signal 120, respectively. When all of the ad- 

15 dress storage circuits 1 to N and all of the data storage 
circuits 1 to M contain addresses and data stored there- 
in, the security function can be deactivated on the basis 
of the stored addresses and data. As the addresses or 
data to be stored in the address or data storage circuits, 

20 only portions of each address or data may be stored, 
rather than the entire address or data, because the order 
of overwriting is significant, as opposed to the address 
or data value itself. In the present example, the address/ 
data storage control circuit 114 may be implemented by 

25 using similar means to the address storage control cir- 
cuit 14 according to Example 1 of the present invention. 
The address storage circuit section 116 and the data 
storage circuit section 121 may be implemented by us- 
ing similar means to the address storage circuit section 

30 16 according to Example 1 of the present invention. 
[0094] As a method for deactivating the security func- 
tion, various methods can be employed. For example, 
as described in Japanese Application No. 2000-121 844, 
supra, a method may be employed in which read oper- 
as ations are performed to the addresses of the memory 
113 in a certain sequence, and in which the security 
function is deactivated only when the values and order 
of the addresses match those stored in the address stor- 
age circuit section 116. Alternatively, the following meth- 
od may be employed. When read operations are per- 
formed, the address comparison circuit 118 compares 
an address (address signal 105) for which a read oper- 
ation has been requested against an address (address 
signal 117) stored in the address storage circuit section 

« 116, and outputs the result of the comparison as a 
matching detection signal 1 1 9 to the security control cir- 
cuit 125. Moreover, the data comparison circuit 123 
compares data which has been read via the data signal 
112 against data which is stored in the data storage cir- 

50 cuit section 121 (data signal 122), and outputs the result 
of the comparison as a matching detection signal 124 
to the security control circuit 125. If it is detected by the 
security control circuit 125 that the addresses match but 
that the data do not match, it is determined that the 

55 stored content has been subjected to an unauthorized 
overwriting, and the security control circuit 125 outputs 
a security control signal 126 to control the operation re- 
striction circuit 127, thereby ensuring that the security 
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function will not be deactivated. On the other hand, if it 
is detected by the security control circuit 125 that both 
the addresses and the data match, a signal instructing 
deactivation of the security function is output as a secu- 
rity control signal 126 to the operation restriction circuit 5 
127. Once receiving the security control signal 126 
which instructs the deactivation of the security function, 
the operation restriction circuit 127 no longer applies re- 
striction on any read operations which are requested to 
be performed on the memory 1 13. As a result, read op- 
erations can take place properly. 
[0095] As the security control circuit 125, a circuit 
which examines an order in which a number of address- 
es were accessed, e.g., as described in Japanese Ap- 
plication No. 2000-1 21 844, supra, plus additional deter- 
mination circuitry for determining not only matching of 
the address but also matching of the corresponding da- 
ta, may be employed. 

[0096] Although the present example illustrates a 
case in which unauthorized reading is prevented, the 
present invention is not limited thereto. As in Example 
1 , it will be appreciated that the present invention is also 
applicable to restricting any other types of access to the 
memory space, e.g., overwriting. For example, in the 
case where the present invention is used for restricting 
overwrite operations, a method can be employed in 
which the operation restriction circuit 127 cancels a re- 
quested overwrite operation, or performs an overwrite 
operation which is not identical to the requested over- 
write operation. Thus, it is possible to restrict overwrite 
operations in a manner similar to restricting read oper- 
ations as discussed above. 

[0097] Although the above description illustrates a 
case where both the address stored in the address stor- 
age circuit section 116 and the data stored in the data 
storage circuit section 121 are utilized for realizing a se- 
curity function, the effects of the present invention can 
also be obtained by utilizing only either one of the ad- 
dress stored in the address storage circuit section 116 
or the data stored in the data storage circuit section 121, 
in a manner similar to using the address storage circuit 
section 16 according to Example 1. 

(Example 3) 

[0098] Figure 3 is a schematic block diagram illustrat- 
ing a semiconductor device 250 according to Example 
3 of the present invention. The semiconductor device 
250 is configured in such a manner that the function of 
the address storage circuit section 16 in the semicon- 
ductor device 50 of Example 1 is embodied within a re- 
writable memory 225. 

[0099] The semiconductor device 250 includes an in- 
terface circuit 204, a security circuit 209, and a memory 
225 which includes at least one memory rewriting unit 
214 having a memory space composed essentially of 
concurrently-rewritable semiconductor memory cells. 
The security circuit 209 includes an address storage 



control circuit 21 5, a security control circuit 21 7, and an 
operation restriction circuit 21 9 for restricting the oper- 
ations to be performed on the memory 225. The security 
circuit 209 functions as a control circuit for the memory 
225. 

[0100] The memory rewriting unit 214 includes ad- 
dress storing regions 1 to N which, as a whole, are ca- 
pable of storing N addresses. Note that the address stor- 
ing regions 1 to N included in the memory rewriting unit 
214 correspond to the address storage circuits 1 to N in 
the address storage circuit section 16 of the semicon- 
ductor device 50 of Example 1 . 
[0101] The address storing regions 1 to N are prefer- 
ably implemented by using address regions other than 
the address regions which are subject to regular re- 
quests for overwriting because the addresses stored in 
the address storing regions 1 to N, which are intended 
to be utilized as security information, may be destroyed 
through regular overwriting. For example, in the case 
where the present example is applied to a flash memory 
which is capable of block erasure, it would be preferable 
to provide extra row and/or column lines, in addition to 
those associated with addresses which are subjected to 
regular use, within each block to be concurrently erased; 
in this case, the memory cells which are coupled to the 
additional row lines and column lines can be used as 
the address storing regions 1 to N. 
[0102] All of the component elements of the semicon- 
ductor device 250 may be provided on one device to 
realize a security function for the memory 225. However, 
it is not necessary to provide ail of the aforementioned 
component elements on a single device. For example, 
the security function may be realized on a number of 
devices collectively, e.g., by employing a separate se- 
curity device, which includes the interface circuit 204 
and the security circuit 209, to control the memory 225 
(including the memory rewriting unit 214). 
[0103] As a security protocol for the semiconductor 
device 250, a method (e.g., the method described in Ex- 
ample 1) may be employed in which the operation re- 
striction circuit 219 somehow modifies a data signal 212 
representing the data read from the memory 225 before 
being output as an internal data signal 208. 
[0104] As the method for concurrent rewriting, rewrit- 
ing via a buffer, block erasure of a flash EEPROM, or 
other similar means may be used. Although the follow- 
ing description illustrates the case where the present in- 
vention is applied to a flash EEPFOM which is capable 
of concurrent block erasure, the same technique can al- 
so be used for rewriting via a buffer. The following de- 
scription is directed to the case where the data stored 
in the memory rewriting unit 214 cannot be erased un- 
less restriction on erase operations is deactivated, 
thereby preventing unauthorized data overwriting. 
[0105] An address signal 201, a control signal 202, 
and a data signal 203 are externally input to the semi- 
conductor device 250 to request overwriting of data 
stored at a given address of the memory 225. Upon rec- 
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ognizing the request, the interface circuit 204 outputs 
an internal control signal 206 to the address storage 
control circuit 21 5. Determining that the address is with- 
in the memory rewriting unit 214, the address storage 
control circuit 215 outputs a signal 220 to the interface 5 
circuit 204. The interface circuit 204 reads the stored 
content in the address storing regions 1 to N, and stores 
the address for which overwrite has been requested in 
any address storing regions 1 to N where addresses are 
not stored yet. In addition to this operation, the data 10 
overwrite as externally requested is performed to the 
semiconductor device 250. In doing so, it is ensured that 
addresses are sequentially stored in the address storing 
regions 1 to N, beginning from the address storing re- 
gion 1. The address storing regions 1 to N function as 15 
storage subsections. 

[0106] If all of the address storing regions 1 to N al- 
ready store addresses for which overwrite has been re- 
quested, the address storage control circuit 215 does 
not store any more addresses, and only performs regu- 20 
lar data overwriting. 

[0107] Upon determining that at least one of the ad- 
dress storing regions 1 to N does not contain an address 
stored therein, the address storage control circuit 215 
outputs an address storage control signal 21 6 to the op- 25 
eration restriction circuit 219 so that the operation re- 
striction circuit 219 prohibits erase operations from be- 
ing performed on the memory rewriting unit 21 4. On the 
other hand, if all of the address storing regions 1 to N 
contain addresses stored therein, erase operations to 30 
the memory rewriting unit 214 are permitted on the basis 
of the stored addresses. As a method for prohibiting 
erase operations, for example, the operation restriction 
circuit 21 9 may withhold a control signal 21 1 from being 
issued to the memory 225. As the addresses to be 35 
stored in the address storing regions 1 to N, only por- 
tions of each address may be stored, rather than the 
entire address, because the order of overwriting is sig- 
nificant, as opposed to the address value itself. 
[01 08] As a method for deactivating the security func- 40 
Won, for example, a method described in Japanese Ap- 
plication No. 2000-121844, supra, may be employed, in 
which read operations are performed to the addresses 
of the memory rewriting unit 214 in a certain sequence, 
and in which the security function is deactivated only 45 
when the values and order of the addresses match 
those stored in the address storing regions 1 to N in the 
memory rewriting unit 214. 

[0109] The security deactivation as described above 
is performed by the security control circuit 217, which so 
outputs a security control signal 218 for instructing de- 
activation of the security function to the operation re- 
striction circuit 219. Once receiving the security control 
signal 218 which instructs the deactivation of the secu- 
rity function, the operation restriction circuit 21 9 no long- 55 
er applies restriction on any erase operations which are 
requested to be performed. As a result, erase opera- 
tions can take place properly. 



[0110] As the security control circuit 217, a circuit 
which examines an order in which a number of address- 
es were accessed, e.g., as described in Japanese Ap- 
plication No. 2000-121844, supra, plus additional latch 
circuitry for latching the content which is stored in the 
address storing regions 1 to N and which is read via the 
data signal 21 2, may be employed. The latched address 
(es) may be used as reference addresses. 
[0111] In the present example, all of the contents 
stored in the address storing regions 1 to N are erased 
when the data stored in the memory rewriting unit 214 
is erased. However, the data stored in the memory re- 
writing unit 214 is not erased unless all of the address 
storing regions 1 to N contain addresses stored therein. 
Thus, there is provided an advantage in that redundant 
erase operations can be automatically prevented since 
the contents stored in the memory rewriting unit 21 4 and 
the contents stored in the address storing regions 1 to 
N within the memory rewriting unit 214 are simultane- 
ously erased, thereby eliminating the need to perform 
any further erasure. 

[0112] Thus, the present example solves a problem 
which is associated with a structure in which address 
storing regions are provided in a memory rewriting unit 
other than the memory rewriting unit 214 because, in 
such a structure, it would be necessary to perform two 
erase operations, i.e., one for erasing the data stored in 
the memory rewriting unit 214 and another for erasing 
the contents stored in the address storing regions; oth- 
erwise, a special technique for effecting simultaneous 
erase operations would be required. 
[0113] Furthermore, in the present example, it is pos- 
sible to additionally employ the data storage section (da- 
ta storing regions) illustrated in Example 2 of the present 
invention. In that case, it may be ensured that each 
erase operation performed also results in the erasure of 
any corresponding data stored in the data storing re- 
gion. This can be realized, without entailing any in- 
crease in the number of erase operations to be per- 
formed, by providing the data storing regions within the 
same memory rewriting unit. 

[0114] According to the present example, the same 
type of semiconductor memory cells as those already 
employed in the semiconductor device can be utilized 
as an address storage section. Therefore, it is not nec- 
essary to additionally employ any circuitry or manufac- 
ture processes which would be required for other types 
of memory cells. 

[01 1 5] For example, in embodiments where erase op- 
erations for volatile semiconductor memory cells are to 
be restricted, any data stored in the semiconductor 
memory cells will be lost as the supply of power is ter- 
minated. In this case, it is preferable that the address 
storage section is also volatile because using non-vol- 
atile memory cells for the address storage section, 
which is designed for the purpose of restricting erase 
operations, would bring about nothing but the extra com- 
plexity of having to perform an overwrite operation after 
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the device is turned ON in order to clear the content 
which is already stored in the address storage section. 
[01 1 6] On the other hand, in the case where the sem- 
iconductor device incorporates non-volatile semicon- 
ductor memory cells, any data stored therein will not be s 
lost after power termination. In this case, it is preferable 
to employ non-volatile means for the address storage 
section in order to continuously apply restriction on 
erase operations to protect the stored data after the de- 
vice is turned ON again. 

[01 1 7] According to the present example, regardless 
of whether the semiconductor device incorporates vol- 
atile or non-volatile semiconductor memory cells, a sat- 
isfactory address storage section which has the same 
characteristics as those of the data storage means (i.e. 
a memory device) can be provided. 
[01 18] In the case where the present example is em- 
bodied with a flash EEPROM, in which any erasure will 
occur on a block-by-block basis, it is possible to prevent 
unauthorized overwriting to some degree by simply pro- 
hibiting erase operations. In the case where the address 
storage section is implemented as flash EEPROM cells 
within a block for which erasure is prohibited, the ad- 
dresses which were stored in the address storage sec- 
tion will be erased during an erase operation after the 
security function is deactivated. Therefore, it is possible 
to arrange the device so that a predetermined overwrit- 
ing procedure will be started anew after erasure, without 
having to separately clear the address storing regions. 
[0119] By providing an address storage section for 
erasure restriction purposes for each block, there is pro- 
vided an additional advantage in that each address to 
be stored in the address storage section only needs to 
be representative of a location within each block, so that 
a smaller number of bits need to be stored, if at all. This 
enhances the scale economy associated with the ad- 
dress storing regions and/or the comparison circuits. 

(Example 4) 

[01 20] Figure 4 is a schematic block diagram illustrat- 
ing a semiconductor device 350 according to Example 
4 of the present invention. The semiconductor device 
350 includes an interface circuit 304, a security circuit 
309, and a memory 313 having a memory space com- 
posed essentially of rewritable semiconductor memory 
cells. The security circuit 309 includes: an address stor- 
age control circuit 314; an address storage circuit sec- 
tion 316 capable of storing N addresses (where N is a 
natural number); a reference address storage circuit 
section 322 capable of storing M predetermined ad- 
dresses data (where M is a natural number): a security 
control circuit 319; and an operation restriction circuit 
321 for restricting the operations to be performed on the 
memory 31 3. The security circuit 309 functions as a con- 
trol circuit for the memory 313. 
[0121] In the present example, it is assumed that the 
address storage circuit section 316 includes N address 



storage circuits 1 to N, such that each of the address 
storage circuits 1 to N stores one address. It is also as- 
sumed that the reference address storage circuit section 
322 includes M reference address storage circuits 1 to 
M, such that each of the reference address storage cir- 
cuits 1 to M stores one reference address. Although the 
following description is directed to a case where N=M, 
the present example is not limited thereto. 
[0122] All of the component elements of the semicon- 
ductor device 350 may be provided on one device to 
realize a security function forthe memory 31 3. However, 
it is not necessary to provide all of the aforementioned 
component elements on a single device. For example, 
the security function may be realized on a number of 
devices collectively, e.g., by employing a separate se- 
curity device, which includes the interface circuit 304 
and the security circuit 309, to control the memory 31 3. 
[0123] The reference address storage circuit section 
322 stores predetermined reference addresses (1 to M). 
The reference address storage circuit section 322 may 
be arranged so as to be rewritable by providing a dedi- 
cated control circuit. Alternatively, any signals which are 
derivable from fixed circuitry may be employed as ref- 
erence addresses. 

[0124] In the present example, the memory 313, the 
interface circuit 304, the address storage circuit section 
316, and the operation restriction circuit 327 may be im- 
plemented by using similar means to the memory 13, 
the interface circuit 4, the address storage circuit section 
16 and the operation restriction circuit 20 of the semi- 
conductor device 50 according to Example 1 of the 
present invention. 

[0125] An address signal 301, a control signal 302, 
and a data signal 303 are externally input to the semi- 
conductor device 350 to request overwriting of data 
stored at a given address of the memory 313. Upon rec- 
ognizing the request, the interface circuit 304 outputs 
an internal control signal 306 to the address storage 
control circuit 314. The address storage control circuit 
314 issues an address storage control signal 315 to 
store the address for which overwrite has been request- 
ed in any address storage circuits 1 to N in the address 
storage circuit section 316 where addresses are not 
stored yet. In doing so, it is ensured that addresses are 
sequentially stored in the address storage circuits 1 to 
N, beginning from the address storing circuit 1. If all of 
the address storage circuits 1 to N already contain ad- 
dresses stored therein, the address storage control cir- 
cuit 314 stores no more addresses in the address stor- 
age circuit section 316. As the addresses to be stored, 
only portions of each address may be stored, rather than 
all bits of the address, because the order of overwriting 
is significant, as opposed to the address value itself. 
[0126] In one embodiment, the security control circuit 
31 9 at least includes a comparison circuit for comparing, 
in the case where all of the address storage circuits 1 to 
N contain addresses stored therein, each address (ad- 
dress signal 317) stored in the address storage circuit 
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section 316 against each address (reference address 
signal 318) stored in the reference address storage cir- 
cuit section 322. Only if all the addressee match does 
the security control circuit 319 output a security control 
signal 320 for deactivating the security function to the 5 
operation restriction circuit 321 , whereby overwriting op- 
erations to the memory 313 will be permitted. If the ad- 
dress signal 317 and the reference address signal 318 
do not match, the operation restriction circuit 321 ap- 
plies restriction on some or all of the operations to be 
performed on the memory 313. 
[0127] As a method for restricting some or all of the 
operations to be performed on the memory 31 3, any one 
of the following methods may be employed, without lim- 
itation: a method in which the address (as represented 
by the internal address signal 305) for which an opera- 
tion is sought is modified so as to be output as an ad- 
dress signal 310 to the memory 313; a method which 
involves withholding the issuance of a control signal 311 
to the memory 313; or a method which involves intro- 
ducing some modification between the internal data sig- 
nal 308 and the data signal 312. 
[0128] Although the above description illustrates a 
case where the number (N) of address storage circuits 
in the address storage circuit section 316 and the 
number (M) of reference address storage circuits in the 
reference address storage circuit section 322 are equal 
(N=M), the present invention is not limited to such a 
structure. In the case where N is not equal to M, the 
security control circuit 319 may compare any informa- 
tion associated with the address(es) stored in the ad- 
dress storage circuit section 316 against any informa- 
tion associated with the reference address(es) stored in 
the reference address storage circuit section 322. 
[0129] In the case where the overwriting of the mem- 
ory 313 is not restricted in the initial state, any overwrit- 
ing which is requested in an order not conforming to a 
predetermined order will result in the restriction of sub- 
sequent overwriting, whereby unauthorized overwriting 
can be prevented. In the case where the overwriting of 
the memory 313 is restricted in the initial state, the re- 
striction on overwriting is deactivated in response to an 
overwriting which is requested in an order conforming 
to the predetermined order, thereby only preventing un- 
authorized overwriting. 

[0130] In the present example, for example, a circuit 
which examines an order in which a number of address- 
es were accessed may be used as the security control 
circuit 319, e.g., as described in Japanese Application 
No. 2000-121844, supra. 

[0131] In Examples 1 to 4, in the case where non-vol- 
atile memory cells are employed as address storage cir- 
cuits, it is possible to realize an arrangement in which a 
single instance of requesting overwriting in the wrong 
order will result in perpetual prohibition of overwriting, 
whereby enhanced security can be provided. 
[0132] On the other hand, in the case where volatile 
memory cells are employed as address storage circuits, 



even if overwriting is requested in the wrong order, the 
address storage circuits can always be reset, e.g., by 
once turning the device OFF and then ON, whereby the 
history of any overwriting requested in the wrong order 
can be cleared. As a result, another opportunity for de- 
activating restriction on overwriting will be given. 
[0133] Note that the security function according to the 
present invention can be controlled on the basis of any 
information associated with the address(es) which is 
output from the address storage circuit section and/or 
the data which is output from the data storage circuit 
section, rather than such addresses and/or data them- 
selves. 

[0134] A third party who wishes to attempt any unau- 
thorized use of a semiconductor device to which the 
present invention is applied will have to know the exact 
principle of unauthorized overwriting prevention accord- 
ing to the present invention as well as any and all pre- 
viously stored addresses, in order to completely fully 
overwrite the stored contents. Thus, any unauthorized 
access by a third party not having such information can 
be very effectively blocked. 

[0135] The present invention is generally applicable 
to any semiconductor device that incorporates a circuit 
which functions as a memory, as well as commonly- 
used memory devices. For example, the present inven- 
tion finds use in processors having internal memories, 
LCD controllers having internal VRAMs, and the like. 
[0136] As described above, according to the present 
invention, a formidable security function for a semicon- 
ductor device having rewritable semiconductor memory 
cells can be provided without requiring any special de- 
vices external to the semiconductor device, such that it 
is difficult for any third party to decipher the method for 
controlling the security function. Thus, unauthorized ac- 
cess can be very effectively blocked while minimizing 
the influences on product size and/or cost. 
[0137] Various other modifications will be apparent to 
and can be readily made by those skilled in the art with- 
out departing from the scope and spirit of this invention. 
Accordingly, it is not intended that the scope of the 
claims appended hereto be limited to the description as 
set forth herein, but rather that the claims be broadly 
construed. 



Claims 

1 . A semiconductor device comprising: 

a memory having a memory space for record- 
ing data, the memory space including address- 
es; 

at least one first storage section for storing at 
least aportion of an address at which access to 
the memory space is requested and/or data 
which is requested to be written to the memory 
space; and 
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an operation restriction circuit for at least par- 
tially restricting operations to be performed on 
the memory, 

wherein the operation restriction circuit controls 
restriction on the operations to be performed on 
the memory based on at least a portion of the 
data and/or the address stored in the at least 
one first storage section. 

2. A semiconductor device according to claim 1, 
wherein the access is a write operation. 

3. A semiconductor device according to claim 1, 
wherein the at least one first storage section com- 
prises a plurality of storage subsections. 

4. A semiconductor device according to claim 1, 
wherein, if at least one of the at least one first stor- 
age section does not contain the address or data 
stored therein, the operation restriction circuit main- 
tains restriction on the operations to be performed 
on the memory. 

5. A semiconductor device according to claim 1, 
wherein: 

the at least one first storage section includes 
an address storage section for storing the ad- 
dress, and a data storage section for storing the 
data: 

the semiconductor device includes a compari- 
son circuit for performing a comparison of data 
in the memory space as designated by the ad- 
dress stored in the address storage section 
against the data stored in the data storage sec- 
tion; and 

the operation restriction circuit maintains re- 
striction on the operations to be performed on 
the memory if a result of the comparison by the 
comparison circuit does not match. 

6. A semiconductor device according to claim 1, fur- 
ther comprising: 

a second storage section for storing a reference 
address; and 

a comparison circuit for performing a compari- 
son of the address stored in the first storage 
section against the reference address stored in 
the second storage section, 
wherein the operation restriction circuit deacti- 
vates restriction on the operations to be per- 
formed on the memory if a result of the compar- 
ison by the comparison circuit matches. 

7. A semiconductor device according to claim 1, 
wherein: 



the memory includes a storage unit for contain- 
ing data which is to be concurrently rewritten; 
and 

the first storage section is included in the stor- 
5 age unit. 

8. A control device for controlling a memory having a 
memory space for recording data, the memory 
space including addresses, the control device com- 

10 prising: 

at least one first storage section for storing at 
least a portion of an address at which access 
to the memory space is requested and/or data 
15 which is requested to be written to the memory 

space; and 

an operation restriction circuit for at least par- 
tially restricting operations to be performed on 
the memory, 

20 wherein the operation restriction circuit controls 

restriction on the operations to be performed on 
the memory based on at least a portion of the 
data and/or the address stored in the at least 
one first storage section. 

25 

9. A control device according to claim 8, wherein the 
access is a write operation. 

10. A control device according to claim 8, wherein 

30 the at least one first storage section compris- 

es a plurality of storage subsections. 

11 . A control device according to claim 8, wherein, if at 
least one of the at least one first storage section 

35 does not contain the address or data stored therein, 
the operation restriction circuit maintains restriction 
on the operations to be performed on the memory. 

12. A control device according to claim 8, wherein: 

40 

the at least one first storage section includes 
an address storage section for storing the ad- 
dress, and a data storage section for storing the 
data; 

45 the semiconductor device .includes a compar- 

ison circuit for performing a comparison of data 
in the memory space as designated by the ad- 
dress stored in the address storage section 
against the data stored in the data storage sec- 

50 tion; and 

the operation restriction circuit maintains re- 
striction on the operations to be performed on 
the memory if a result of the comparison by the 
comparison circuit does not match. 

55 

13. A control device according to claim 8, further com- 
prising: 
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a second storage section for storing a reference 
address; and 

a comparison circuit for performing a compari- 
son of the address stored in the first storage 
section against the reference address stored in 5 
the second storage section, 
wherein the operation restriction circuit deacti- 
vates restriction on the operations to be per- 
formed on the memory if a result of the compar- 
ison by the comparison circuit matches. 10 

14. A control device according to claim 8, wherein: 

the memory includes a storage unit for contain- 
ing data which is to be concurrently rewritten; 15 
and 

the first storage section is included in the stor- 
age unit. 
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